Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: stefanobr on July 09, 2020, 02:58:25 am

Title: Samba SSL Certificates - Zentyal 5
Post by: stefanobr on July 09, 2020, 02:58:25 am
Hi all,

An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)

How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?

Thank you so much in advance!

Regards,
S~
Title: Re: Samba SSL Certificates - Zentyal 5
Post by: doncamilo on July 14, 2020, 02:58:27 pm
 :)

Read this: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC)

Prepare your own certificates with the needed options with openssl.

Cheers!